open the /etc/pure-ftpd.conf configuration file
PassivePortRange 30000 50000
If your FTP server exists behind a NAT configuration, set the ForcePassiveIP option to the FTP server’s public IP address.
In the following example, 10.3.5.333 represents your FTP server’s public IP address:
ForcePassiveIP 10.3.5.333
Open the /etc/sysconfig/iptables file with a text editor and add a line that allows connections through the passive port range that you set. For example:
iptables -I INPUT 2 -p tcp –dport 30000:50000 -j ACCEPT
atau
-A cP-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 30000:50000 -j ACCEPT
If your FTP server exists on a CentOS 7, CloudLinux™ 7, or Red Hat® Enterprise Linux (RHEL) 7 server, run the following commands to allow connections through the passive port range that you set:
firewall-cmd –permanent –zone=public –add-service=ftp
firewall-cmd –permanent –add-port=30000-50000/tcp
firewall-cmd –reload
Run the /usr/local/cpanel/scripts/restartsrv_ftpserver command to restart the FTP server.
To make these changes permanent, you must append the passive ports to the configuration file. To do this, run the following commands as the root user:
echo “PassivePortRange: 30000 50000” >> /var/cpanel/conf/pureftpd/main
/usr/local/cpanel/scripts/setupftpserver pure-ftpd –force
If your FTP server exists behind a NAT configuration, run the following command:
echo “ForcePassiveIP: 10.3.5.333” >> /var/cpanel/conf/pureftpd/main
Note:
10.3.5.333 represents your FTP server’s public IP address.